JOB TITLE: Information Security Engineer Supervisor: Chief Information Officer Status: Exempt Salary: Starting at $80,988 Location: Fulton, MI Posting Closes: 07/24/2026 at 9am Excellent Benefit Package for Eligible Team Members - Employees contribute minimal cost sharing towards medical, dental, and vision insurance
- Employer Paid premiums on short term disability, life insurance and accidental death and dismemberment
- Flexible Spending Account for Medical Reimbursement
- 100% Employer paid Short Term and Long Term Disability, Life Insurance, and Accidental Death and Dismemberment Insurance
- Dependent Care FSA
- 401K Plan with eligible match
- MERS Plan for Law Enforcement
- A generous paid time off program where all employees begin earning accrued paid time off immediately upon hire
- Generous Tuition Reimbursement Program with Educational Release Time
- Thirteen Paid Holidays
- Employee wellness and fitness programs
- Opportunities to participate in NHBP Sponsored activities
- Public Student Loan Forgiveness eligible employer
POSITION SUMMARY This position is responsible for supporting the information security processes and security management incident response policy and to help create policies that protect the Tribe in data confidentiality, integrity, and availability. This position will maintain the technical mechanisms that enable these controls. This person is responsible for cyber security as it relates to monitoring, investigation, and reporting of security related events. The Information Security Engineer leads the Information Security team and will report to the Chief Information Officer. The primary responsibilities are to support the Information Security process and Security Management Incident Response policy and to implement process to protect the Nottawaseppi Huron Band of the Potawatomi's (NHBP) data, maintain confidentiality, integrity, and availability, as well as maintain the technical mechanisms that enable these controls. This position is responsible for Cyber Security as it relates to monitoring, investigating and reporting of security related events. The Information Security Engineer builds and maintains IT security solutions for the Tribe. ESSENTIAL FUNCTIONS The Nottawaseppi Huron Band of the Potawatomi reserves the right to change, amend, add, delete and otherwise assign any and all duties, responsibilities, and positions titles as it deems necessary to meet the needs of the government. - Review security implications of new applications and advise appropriately.
- Monitor and manage network security logs.
- Respond to technology security related external audits and compliance regulations.
- Balance technology security practice with institutional business practice in a way that causes the least amount of end user interruption.
- Validate and maintain Security Incident Management and Response policy to address potential threats.
- Investigate and respond to security incidents, conduct investigations and mount incident responses according to the Security Incident Management and Response policy.
- Provide management and guidance to security incident response team for handling information security incidents.
- Coordinate efforts among multiple business units in relation to security incident response efforts.
- Provide timely and relevant updates and investigation findings to IT management in response to security incidents and to help improve security posture.
- Work with the technical team to recover data after a security breach.
- Perform vulnerability testing, risk analyses and security assessments using industry standard security analysis tools, criteria, and penetration testing.
- Responsible for ensuring successful security and technical compliance of industry compliance standards including, but not limited to, HIPAA and HITECH standards.
- Ensuring Nottawaseppi Huron Band of the Potawatomi meet or exceed security standards on internal or external audits.
- Mitigate security vulnerabilities by implementing applicable solutions and tools.
- Responsible for monitoring and ensuring end-users are adhering to IT policies, standards, & best practices.
- Recognizing and addressing security vulnerabilities in workstations, internal and external servers, network devices, and applications.
- Ensure all servers and other IT related equipment are hardened to compliance and/or industry standards.
- Install, configure and manage firewalls, intrusion detection systems, VPNs, and other security devices.
- Collaborate with colleagues on authentication, authorization and encryption solutions.
- Evaluate new technologies and processes that enhance security capabilities.
- Develop, implement and maintain security plans and policies.
- Work with entire Information Technology team to develop, implement, and maintain Information Technology Disaster Recovery plan.
- Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.
- Build, deploy, and track security measurements for computer systems and networks.
- Perform other duties as assigned.
The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this position. They are not intended to be an exhaustive list of all duties, responsibilities, and skills required of personnel so classified. MINIMUM QUAILIFICATIONS An applicant’s education, training and experience must be sufficient to demonstrate that the applicant possesses the ability to successfully perform each of the essential functions. The requirements listed below are generally representative of the education, experience, and skills and/or ability required to enable one to successfully perform the essential functions associated with this position: - Must satisfactorily pass onsite proficiency test.
- A Bachelor’s degree in related field from accredited institution, or equivalent work experience.
- Five or more years' experience working in an Information Technology related position.
- Experience collecting, reviewing, and acting on system and security logs.
- Experience with enterprise computer networks and vulnerabilities.
- Experience with operating systems across all platforms, including mobile devices.
- Direct experience with anti-virus software, intrusion detection, firewalls and content filtering.
- Knowledge of risk assessment tools, technologies and methods.
- Knowledge of disaster recovery, computer forensic tools, technologies and methods.
- Experience with vulnerability management, identity and access management, application security, and encryption technologies.
- Knowledge of industry best practices regarding cybersecurity penetration testing.
- Knowledge of security intrusion/breech hardening concepts.
- Experience designing secure networks, systems and application architectures.
- Experience with Incident handling procedures.
- Ability to work independently and communicate with all levels of management and end users in written and verbal form.
- Excellent analytical skills, organizational skills, communication skills, ingenuity and the ability to work as part of a team.
- Must be available 24x7 to address technology concerns as they arise.
- Must possess a valid driver’s license and be GSA certifiable. Must be able to travel, if required.
- Must be able to pass a background check and drug screening.
- Ability to understand, gain knowledge, and appreciate the difference with Native American culture and customs.
- Confidentiality is required.
PREFERRED QUALIFICATIONS - Five or more years' experience within incident response.
- Professional experience in a system administration role supporting multiple platforms and applications.
- Current security related certification, such as CEH, CIPP, or CCFP.
- Demonstrated experience with hardening techniques, CVEs, network protocols, chain of custody, and incident response report writing.
- Strong understanding of endpoint security solutions to include File Integrity Monitoring and Data Loss Prevention
- Knowledge of mobile security, including experience with Mobile Device Management and implementing security controls.
- Experience working with security vendors, including submitting feature requests, evaluating products and analyzing security functionality of a diverse set of products.
- Experience with Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication.
- Experience with network and host security monitoring, detection and response tools and capabilities including IDSes, malware sandboxes, log correlation engines, flow collectors, memory forensics, etc.
- Experience planning, researching and developing security policies, standards and procedures.
- Demonstrated experience with a wide range of network security tools, including attack toolsets.
SECURITY SENSITIVE This position may contain information that is security sensitive and thereby subject to additional provisions. All information will be protected under IHS/HIPAA, CJIS, and other rules and regulations as required by the NHBP IT security policies. INDIAN PREFERENCE Tribal preference will be applied in accordance with the NHBP Indian Preference in Employment Code which requires that preference in employment be afforded to NHBP members, spouse/parents of NHBP members and Native Americans who meet the minimum qualifications and can successfully perform the essential functions for the position.
|